From 29041e72fc273c978c5159049c73732aef031c4b Mon Sep 17 00:00:00 2001
From: Todd Schiller
Date: Fri, 5 Jun 2026 17:49:39 -0400
Subject: [PATCH] Docs: note accepted gap for enabled input value inside hidden wrapper
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Pre-#176, an enabled `` inside a CSS-hidden wrapper was caught by `hidden-text-strip`'s wrapper detach. After #176 nothing covers it. Document as accepted in `attribute-injection-sanitize`'s docstring — closing it cleanly would require computed-style checks inside the rule's attribute-driven watcher.

Audit context: #179. Other gaps from that audit are tracked as #182 (missing ARIA attributes) and #183 (`input[type="hidden"][value]`).

Co-Authored-By: Claude Opus 4.7 (1M context)
---
 extension/src/rules/attribute-injection-sanitize.ts | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/extension/src/rules/attribute-injection-sanitize.ts b/extension/src/rules/attribute-injection-sanitize.ts
index 0070ecc..a15b7bc 100644
--- a/extension/src/rules/attribute-injection-sanitize.ts
+++ b/extension/src/rules/attribute-injection-sanitize.ts
@@ -17,6 +17,15 @@ // would use to plant a "pre-confirmed" instruction that the agent // treats as load-bearing while the user has no chance to clear it. // +// Accepted limitation: an enabled `` sitting inside a +// CSS-hidden wrapper (`visibility:hidden`, off-left, opacity:0) is not +// scrubbed. The same asymmetry as the disabled case applies — the user +// can't see or edit the value — but matching it would require a +// computed-style check at scrub time, which conflicts with this rule's +// lightweight attribute-driven watcher. Pre-#176 these were caught when +// `hidden-text-strip` detached the wrapper; the regression is accepted +// because the trigger surface is narrow (enabled input + hidden wrapper). +// // On a match we remove the whole attribute rather than blanking its // value. An empty `aria-label` actively hides an element from // accessibility-tree consumers (which is worse than no aria-label,
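Review bot: the new "Accepted limitation" comment block has no pointer to where this gap is tracked, while the commit message cites the audit as #179 and the sibling gaps as #182 and #183; add a closing line such as `// Audit context: #179 (sibling gaps: #182, #183).` so a reader of the rule can find the discussion without git history. Two smaller points in the same block: the element being excluded renders as empty backticks in `an enabled `` sitting inside`, so confirm the name survives in the source; and since the comment itself says the user can neither see nor edit the value, a skipped or known-failing regression test for the enabled-input-in-hidden-wrapper case would keep the accepted regression visible in CI rather than only in a docstring.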